If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

You have a database and use a serverside to show the link to those authorised to download it.

STOP using $ prefix on JavaScript variable names...
Please remember to wrap any code you have in forum tags:- [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]If you can't think outside the box, you will be trapped forever with no escape...

Generally you need a file-server script that will validate the user is logged in and has access to that file, and then serves up the file by reading it from disk (e.g. readfile() or from the DB if you prefer). If doing a readfile(), you can simply put the file(s) outside of the web document root directory tree, so no one can access it via HTTP (or you can have it in the web root but use .htaccess to prohibit access). You might still use a DB to record meta-data about the files, including file names, directories, and types. Then the download link would point to the file-server script, which validates the user and the input (e.g. ?file=some_id_here), and if everything is okay, use header() to set some file-type headers and such, the readfile() the desired file path-name extracted from the DB.

"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation

You could if you don't wish to have a login scenario, you could have a database that is used to store hash keys.

The person rolls up to your website and is asked to provide an email address and if you want a pin number to access the file.

Your system generates a hash key, stores it with the email in the database.

You then have a script generate a URL using the hash key and that then gets emailed to the user.

They then get an email with the URL to the file, that download script than asks the user to validate their email and supply a pin if generated.

The download then starts.

You then have the hash tag and email deleted from the database which then renders that link useless and the person then has to provide email to get a hash key which can be as simple as the users email address + the PHP time() functions value.

STOP using $ prefix on JavaScript variable names...
Please remember to wrap any code you have in forum tags:- [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]If you can't think outside the box, you will be trapped forever with no escape...

Thats fine if you want to have a user log in but you need something to test it against which implies that the person visiting has an account.

The same can be achieved in Apache servers .htaccess

you can achieve the same with simple javascript but that has the vulnerability of being bypassed by browsers that don't use javascript because they either don't have it or it has been disabled.

I have been fleshing out a system which when a request for a file is made, the system asks for an email address, it generates a hash, URL and sends an email to the address and the user then clicks the link in the email and punches in the PIN number and or email address used to obtain the link and the whole thing is one time use.

Then any file request is not hot link-able.

STOP using $ prefix on JavaScript variable names...
Please remember to wrap any code you have in forum tags:- [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]If you can't think outside the box, you will be trapped forever with no escape...